By Rob Starr, Big4.com Content Manager
Dr. Michael Gelles is a psychologist and director at Deloitte Consulting LLP who specializes in insider threat, security process, secure workforce, asset loss, and national security, as well as other topics. Gelles recently co-authored a report for Deloitte’s CFO Insights titled Unmasking Insider Threats that outlines action items for corporate leaders to consider when designing and implementing an insider threat mitigation program.
He has an extensive background on the subject that stretches all the way back to another age.
“I’ve been with Deloitte for nine years,” he says. “Before that, I was in federal law enforcement working on insider threats since 1988, and when you go back to that era, you’re really in the world of brick and mortar.” Those times necessitated a reactive response to the behaviors that constituted insider threats, which were almost all focused on espionage.
Bits and Bytes
“As we moved forward, technology began to take hold of the way we do business and we entered into the world of bits and bytes.”
The shift changed the definition of insider threat from a low-frequency, high-impact event to one that occurs much more often. Gelles says one of the other key differences is the transition from a reactive to a proactive approach to these evolving events. He says one of the big reasons for the evolution is a clarification of the principles behind insider threats and an awareness that these criminals don’t act impulsively.
“These folks move along a continuum from idea to action. If you’re able to look for specific behavior with the use of technology, you can interrupt forward motion by proactively detecting anomalous behaviors,” he says. “We’ve moved from an era where everything was driven by paper, pencil and typewriters to today, where everything is done in the virtual space.”
Identify abnormal patterns
With people’s behaviors partially existing inside computers in today’s business world, there are possibilities to identify abnormal patterns – and therein lies the ability to proactively combat insider threats. Of course, with the shifting technology landscape, the definition of an insider becomes important. Gelles defines an insider as an employee, contractor or vendor that has access to an organization’s information, material, facilities, or people.
“What we’re seeing is insiders defined across three continuums that interface with the organization and to some extent technology,” he says, adding that the first of these categories is the malicious individual or group with inherent bad intent. Of the two other subsets, the first is a person who might be unwittingly doing the wrong things with or without malevolent intent, but is lax with procedures and policies and is otherwise complacent. The last category is bluntly called “ignorant,” and it calls on organizations to have training and procedures in place to define behavioral expectations of employees.
“The definitions that we think about today are much broader than just those dealing with information,” Gelles says.